Set Up A Local VPN’ed SOCKS Proxy

There may be a time when you only want a specific program (or set of programs) to run through a VPN rather than your whole connection. I recently set up a local Ubuntu 12.04.4 server that allows me to do this, and I’m going to show you how I did it. For this guide I’m going to assume you already have Ubuntu Server installed.

Required Tools

• A machine running Ubuntu Server. I’ll be using a virtualized machine running 12.04.4
• Bitvise Tunnelier (free for personal use)
• A VPN Provider. I will be using Private Internet Access. Note that we will be using OpenVPN in this guide, so make sure to choose a VPN provider that provides OpenVPN configuration files or that you know how to create them. Private Internet Access provides a downloadable zip file with all their configuration files.

Set a Static IP

Our server will need a static IP address so that it doesn’t change on us. To do this, we’ll need to edit /etc/network/interfaces. I’ll be using the IP address 192.168.1.20. Let’s fire up the nano editor and edit this file by typing:

Here’s what my configuration looks like to use the IP 192.168.1.20:

When you’ve updated the interfaces file, reboot your server by typing sudo reboot now. You should now be able to connect to the machine using the static IP address.

Install OpenVPN

Next we’ll need to install OpenVPN. We can do this by typing:

Upload OpenVPN Configuration Files

After we’ve installed OpenVPN, it’s time to grab the configuration files from our VPN provider. For Private Internet Access, they can be obtained from here. I downloaded the OPENVPN CONFIGURATION FILES (IP). Once you have all your configuration files, upload them to the server. I’ll be uploading them to /home/vpn. If the configuration file you want to use has any spaces in its name, you can remove them to make it easier later. I’ll be using the US Seattle.ovpn configuration file from Private Internet Access but renaming it to USSeattle.opvn.

Create the Startup Script

Next we’ll create the startup script. We want our server to automatically connect to the VPN upon startup so we don’t need to manually connect each time. Let’s fire up our editor and create the startup script by typing:

Once we’re in the editor, enter the following:

This will start OpenVPN using the configuration file /home/vpn/USSeattle.opvn and using /home/vpn/credentials as our credentials file. This file doesn’t exist yet, but we’ll create it soon. After you’ve saved vpn_startup.sh, run the following commands:

Create the Credentials File

The credentials file is a plain text file that will store our username and password. Let’s create this file using the nano editor:

In this file, enter your username and password for connecting to the VPN on separate lines:

At this point if we were to reboot our server, it would connect to the VPN on startup. If we reboot however, we’ll lose the ability to SSH into the server which we need for the SOCKS proxy. To remedy this, we’ll need to modify the OpenVPN configuration file to run a custom script that will add some routing rules so we can still SSH into our server.

Modify the OpenVPN Configuration File

We need to edit our OpenVPN configuration file so we can add a couple lines to it. Lets fire up nano once again:

At the bottom of this file, add the lines:

This will allow us to run a custom script once the VPN connection is made. This script isn’t created yet, but we’ll create it in the next step.

Also, in this file you’ll see a line that starts with ca, such as ca ca.crt. We need to update this line with the absolute path to the certificate file. So, change this line to:

Here is what the final configuration will look like:

Create the Connection Script

Next we’ll create the script that will run once a VPN connection is made successfully. Lets fire up nano again:

Add the following lines:

I’ll be honest I’m not entirely sure how these rules work, but they allow us to connect to the server via SSH when connected to the VPN. I assume that the table 10 part of it references the VPN IP address. When I’m successfully connected to the VPN, the tunnel adapter is assigned an IP address of 10.x.x.x. Once you’ve saved this file, we need to add execute permissions to it:

You can now reboot your server using sudo reboot now. Upon restart, your server should automatically connect to the VPN, and you should still be able to SSH to it.

Create the SOCKS Proxy

Next we’ll need to fire up Bitvise Tunnelier that you downloaded at the start of this guide. Enter the following settings on the Login tab:

Finally, enter the following on the Services tab:

The port number is up to you. Just remember it for later when we go to set our application up to use the proxy. Finally, click the Login button.

Use the Proxy!

Now you’ll have to set up the connection settings in the application you want to use the proxy for. I’ll use Firefox as an example. Open up Firefox and go to the settings:

 

Next, click the Advanced tab followed by the Settings… button under Connection:

 

Enter the following settings (use the port you used from earlier):

 

Click OK to everything and Firefox should now be using your SOCKS proxy and VPN connection! If you’d like to only VPN certain websites, I’d recommend the FoxyProxy extension for Firefox or Chrome. To verify that it’s using the VPN’ed connection, you can go to whatismyip.com and look at the IP address.